CVE-2024-7262

CRITICAL Year: 2024
CVSS v3 Score
7.8
High
Weakness Type
CWE-22
View all →

Vulnerability Description

Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 (exclusive) on Windows allows an attacker to load an arbitrary Windows library. The vulnerability was found weaponized as a single-click exploit in the form of a deceptive spreadsheet document

Related Vulnerabilities

CVE-2009-3721

HIGH
CVSS:7.8(High)

Multiple directory traversal and buffer overflow vulnerabilities were discovered in yTNEF, and in Evolution's TNEF parser that is derived from yTNEF. A crafted email could cause these applications to ...

CWE-222009

CVE-2015-0016

HIGH
CVSS:7.8(High)

Directory traversal vulnerability in the TS WebProxy (aka TSWbPrxy) component in Microsoft Windows Vista SP2, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gol...

CWE-222015

CVE-2015-3151

HIGH
CVSS:7.8(High)

Directory traversal vulnerability in abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to read, write to, or change ownership of arbitrary files via unspecified vectors to the (1) Ne...

CWE-222015

CVE-2015-7270

HIGH
CVSS:7.8(High)

Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows directory traversal.

CWE-222015

CVE-2015-8535

HIGH
CVSS:7.8(High)

MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A directory traversal vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center ...

CWE-222015

CVE-2016-4313

HIGH
CVSS:7.8(High)

Directory traversal vulnerability in unzip/extract feature in eXtplorer 2.1.9 allows remote attackers to execute arbitrary files via a .. (dot dot) in an archive file.

CWE-222016